Data Encryption & Security
How TyneBase protects your data with encryption and security measures.
Read time:5 minUpdated:2026-01-10
Data Encryption & Security
TyneBase implements multiple layers of security to protect your data.
Encryption at Rest
All stored data is encrypted:
| Data Type | Encryption | Key Management |
|---|---|---|
| Database | AES-256 | Supabase managed |
| File storage | AES-256 | Supabase managed |
| Backups | AES-256 | Isolated keys |
Encryption in Transit
All data transmission uses:
- TLS 1.3: Latest protocol version
- HTTPS: All endpoints encrypted
- HSTS: Strict transport security
- Certificate pinning: Mobile apps
Authentication Security
Password Requirements
- Minimum 12 characters
- Must include uppercase, lowercase, number
- Breach database checking
- No common passwords
Multi-Factor Authentication
MFA is currently in development. Coming soon:
- Authenticator apps (TOTP)
- SMS verification
- Hardware keys (WebAuthn)
Session Security
| Setting | Value |
|---|---|
| Session timeout | 24 hours |
| Idle timeout | 1 hour |
| Concurrent sessions | Unlimited |
| Session revocation | Immediate |
View and revoke sessions in Settings → Security → Sessions.
Infrastructure Security
Network Security
- DDoS protection (Cloudflare)
- WAF rules
- Rate limiting
- IP reputation filtering
Application Security
- Input validation
- SQL injection prevention (RLS)
- XSS protection
- CSRF tokens
Compliance
We're working toward formal compliance certifications:
| Standard | Status |
|---|---|
| SOC 2 Type II | In progress (see SOC 2 doc) |
| GDPR | Compliant (see GDPR doc) |
| HIPAA | Coming soon (Enterprise) |
| ISO 27001 | Planned |
Security Reporting
Report vulnerabilities responsibly:
- Email: security@tynebase.com
- PGP Key: Available on our security page
- Bug Bounty: Coming soon
Response SLA:
- Critical: 24 hours
- High: 72 hours
- Medium: 7 days